GHSA-6vm3-jj99-7229

Опубликовано: 27 дек. 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines

Gin is a HTTP web framework written in Go (Golang). Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.

Ссылки

Пакеты

Наименование

github.com/gin-gonic/gin

Затронутые версииВерсия исправления

< 1.6.0

1.6.0

EPSS

Процентиль: 40%

0.00184

Низкий

7.5 High

CVSS3

CVE ID

CVE-2020-36567

Дефекты

CWE-116

CWE-117

Связанные уязвимости

CVE-2020-36567

CVSS3: 7.5

ubuntu

около 3 лет назад

Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.

CVE-2020-36567

CVSS3: 7.5

redhat

около 3 лет назад

Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.

CVE-2020-36567

CVSS3: 7.5

nvd

около 3 лет назад

Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.

CVE-2020-36567

CVSS3: 7.5

debian

около 3 лет назад

Unsanitized input in the default logger in github.com/gin-gonic/gin be ...

EPSS

Процентиль: 40%

0.00184

Низкий

7.5 High

CVSS3

CVE ID

CVE-2020-36567

Дефекты

CWE-116

CWE-117